One of the largest areas of exposure for public companies (and to some extent, private companies) is securities class actions and/or shareholder derivative claims relating to affirmative acts of mismanagement and/or failure to act/disclose by officers and directors in response to the COVID-19 outbreak.
Another major area of concern relates to liability arising from cyber security and privacy issues, given that many company employees are now working remotely to avoid exposure to COVID-19. The failure to sufficiently protect a company’s network could leave the company vulnerable to cyberattacks, ransom demands, loss of company data, and overall exposure for failing to insure against cyber risks.
Coverage under a D&O policy for the above exposures will vary according to the individual terms and conditions of the policy. Nevertheless, securities class actions and shareholder derivative claims are claims that typically fall within the scope of the insuring agreement under a D&O policy. In assessing the potential for coverage, careful review of several exclusions and other issues is necessary. For example, the language of any bodily injury exclusion should be reviewed for its breadth (e.g., claims “arising from” bodily injury vs. claims “for” bodily injury) as well as any exceptions to that exclusion, such as securities actions.
As is often the case with D&O claims, the language of the conduct exclusion (i.e., dishonest, fraudulent, malicious, and criminal acts) should be reviewed to determine whether its application requires a final adjudication exhausted by appeal or only “in fact” confirmation of such conduct. Moreover, claims also may implicate the professional services exclusion to the extent an employee’s professional services to the company gave rise to the claim, such as legal advice from an in-house counsel, forensic accounting services by the Chief Financial Officer, or otherwise.
As to cyber security and privacy, direct losses caused by a cyber event may need separate cyber insurance. To the extent the cyber event triggers a securities class action, however, there are a number of exclusions (including those discussed above) that may require consideration. For example, the exclusion for war or terrorism should be considered in the event of a cyberattack because there are instances in which cyberattacks are orchestrated by state actors or quasi-state actions and/or terrorist organization criminal enterprises – as opposed to random, “lone wolf” actors.
In order to put your business in the best possible position ahead of a decision about a Directors & Officers Liability claim, adhere to the following best practices.
Document and report claims immediately. Without ample notice and prompt filing, coverage will likely be denied. There is no downside to filing claims as soon as possible. Doing so ensures that your business will be in the right place when applicability of WC coverage claims are resolved.
Provide comprehensive details surrounding each claim. File each claim with as much detail as possible to ensure thorough review of your coverage and unique scenario by the carrier.
Record each individual claim by line of coverage. Doing so will make it easier to monitor carrier response internally and simultaneously provide your carrier with a simplified way to absorb multiple claims from your business.